Educause Security Discussion mailing list archives
Re: Vendor Participation on List and Proper Identification
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Thu, 28 Jul 2005 18:00:47 -0600
Hello, Cases like this really are disappointing. As a vendor that frequents this list, I believe that there is a lot of advantage to the educational community to have input from technical experts in the field. I am an employer in addition to being a "vendor." One of the greatest challenges that we encounter is finding individuals that are recent college graduates and that have the educational background necessary to begin a career with us even as a Junior Security Expert. I believe that interfaces between corporations and academia are crucial to the success of new college graduates after leaving school. When you ask technical questions and research technical products, you are bringing this information back to your institution and thus potentially increasing the exposure of latest technological solutions to your student body. Students who wish to broaden their educational experience as work study or volunteers in the Campus IT Departments especially benefit from this interaction. Ultimately, I benefit by passing this information on to reach new Information Security Students. I am really sorry to hear that some of my peers in the corporate world are abusing this privilege that could be very beneficial to both academia and corporations alike. However, if some choose to abuse this privilege, they should not be allowed to participate in this group. Those of us that are participating by sharing our expertise in a professional manner with the academic community still have a lot to offer. As I described above, I believe that academia has a lot to gain from this interaction. I don't feel that Jamie Stapleton's post was a direct ethical violation of any vendor/academia interaction. Mr. Stapleton is a vendor for a product that he obviously (hopefully) believes in. He has chosen to sell this product and thus has researched it greatly and has explained why he felt that it was a better tool than another product that was a free solution. I did not see where Jamie ever even said that he sold the product. I have offered advice on different occassions on this forum. I have presented free tools and so forth that others can use to help their institution. I have also said that I would be willing to help institutions out however I could. In my spare time, I have sat on technical advising boards at several universities without any compensation other than knowing (hoping) that I was advancing technology, and encouraging the natural inquisitions that the computer science industry provokes. I hope that all vendors and representatives of various corporations that frequent these lists are not punished for the unfortunate actions of a few individuals. Sincerely, Sarah E Stevens, CISSP, CISM Stevens Technologies, Inc.
IMO this issue seems to be a little broader that than just a simple "List-Serve" issue. Shortly after I responded to an email on this list regarding our
various
problems with Cisco's Acquitition of Perfigo, I have been swamped
with calls
from various vendors. Since I did not post my direct phone number in
my
posting, these calls have all came through our main campus phone
line,
asking for me. As this is the only forum in which I've mentioned
anything
about this issue, it's pretty clear where these vendors got my
contact
information. While I agree that vendor input on issues and questions can be very
valuable
here, this list should not be used as a sales / marketing "Hit
List". Jamie
@ CBSI did the correct thing, Identified himself as a Vendor,
attempted to
answer our questions. It seems that there are many other vendors
out there
that are using this list soley as a marketing / sales lead tool. -----Original Message----- From: Information Security [mailto:infosecurity () UTPA EDU] Sent: Thursday, July 28, 2005 9:26 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Vendor Participation on List and Proper Identification Parker, Ron wrote:Before we all bounce down this road about vendors on the list,
remember
that EDUCAUSE's policies do allow it. I think it can be valuable in many cases.Seconded. Let's save that argument until the day someone abuses the
list.
Jamie Stapleton's posts are generally helpful and worth reading, and
it's
clear from his email address he is a vendor. Not a problem to me.
Let's
return to the discussion of spam appliances... I'm surprised no-one
has
mentioned Brightmail yet - that's usually the one I hear when a
company is
programming-phobic and wants a managed solution. As far as I
understand it,
their approach is primarily spamtrap-based and they mark only mails
that
they've seen elsewhere in spamtraps. They have a good reputation
but I
worry that betting the farm on one technique is a long-term risk, as polymorphic and customised spams become more prevalent. I've already started receiving spams where some of the 'whitening'
text was
taken from my own web site, in order to get past my Bayesian
filters.
That's pretty sophisticated, and I have to wonder why the spammers bother,
because
if someone goes to the effort of installing a spam filter you might
imagine
that they'd never respond to spam even if it did slip through. Graham
--
Current thread:
- Vendor Participation on List and Proper Identification Parker, Ron (Jul 28)
- <Possible follow-ups>
- Re: Vendor Participation on List and Proper Identification Information Security (Jul 28)
- Re: Vendor Participation on List and Proper Identification Dave Koontz (Jul 28)
- Re: Vendor Participation on List and Proper Identification Sarah Stevens (Jul 28)
- Re: Vendor Participation on List and Proper Identification Tom Bossie (Jul 29)
- Re: Vendor Participation on List and Proper Identification Dennis Meharchand, CEO Valt.x (Jul 29)
- Re: Vendor Participation on List and Proper Identification Theresa M Rowe (Jul 29)
- Re: Vendor Participation on List and Proper Identification Jimmy L. Fikes (Jul 29)
- Re: Vendor Participation on List and Proper Identification John Nunnally (Jul 29)
- Re: Vendor Participation on List and Proper Identification Jason Richardson (Jul 29)
- Re: Vendor Participation on List and Proper Identification Harry A'Hole (Jul 29)
- Re: Vendor Participation on List and Proper Identification Jason Richardson (Jul 29)
- Re: Vendor Participation on List and Proper Identification Parker, Ron (Aug 02)